Java SE 6 End of Public Updates
After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download.

EDIT: Despite Oracle's statement that 6u39 was going to be the last v6 release, they have released two more: 6u41 and 6u43.

Instead of just continually putting this in threads for specific puppies, I'm making a single thread I can update with the latest Java information. Packages will be listed here if I have them available (or if others make them available).

Last edited by Q5sys on Wed 06 Mar 2013, 20:57; edited 8 times in total

Instead of just continually putting this in threads for specific puppies, I'm making a single thread I can update with the latest Java information. Packages will be listed here if I have them available (or if others make them available)

..this is like saying your cell phone is at risk. As noted in other threads, this is strictly related to browser plugins where they are permitted to begin with. Do you have a linux browser with an at risk java plugin?? Do you really believe that there are no other web browser vulnerabilities?

What do you get out of fear mongering?

This isn't fear mongering. If you notice, it's a yes/no field for public exploits. I'm not giving all the details, just a simple FYI.

This is nothing more than a consolidated thread for all Java related talk and update status. That way it's not scattered around in different threads. If a person is curious as to the status of the latest Java release, they can take a peek here and go about their way.
btw... Your claim that it is "strictly related to browser plugins" is incorrect. This isn't just related to browser security. In fact one of the 7u7 (I think, it might have been 7u9) bugs had nothing to do with the browser. You could not even have a browser installed and could be exploited. So while certain Java exploits are browser dependent, not all are. Java is its own vector on a system.

I created this thread to have a single spot for people to check on java on the forum. And grab the latest packages when I have them available. That's it. If you don't want to know about if you have a decent version of Java... then don't click the thread.

Some people care about security, some don't. This thread is for those that care; if you don't care, then don't bother opening the thread.

The present security threat is related to enabled browser plugins, mostly with Internet Explorer. Regarding downloading malicious viruses that affects anything else, just how serious do you think that really is on your Puppy Linux computer?

There will never be a completely secure programming language that can't be exploited, so don't surf the web. Also, avoid beautiful women.

Last edited by jpeps on Sat 19 Jan 2013, 17:12; edited 1 time in total

Thanks for starting this thread. Let's hope that it doesn't push into the realm of emotionalism and remains in the area of technological understanding.

JAVA is a subsystem that can run in all present Operating Systems; namely Windows, Apple, Unix and Linux. This subsystem is and was designed to provide programmers of the world the ability to write a JAVA program (a JAR) and it will run wherever JAVA resides.

This has provided enormous benefit in and out of the business climate. In fact, it is found on many/most xPhones. And one can expect that an application from the xPhone can run on your PCs as well.

In any event, some apps designed for desktop have little to no internet exposure. Other apps are internet only. And some of the internet apps actually interact with data that it is designed for on your desktops.

The Homeland Security Announcement is an interesting one to say the least. It does NOT say that/where the exploits have occurred or from whence it comes, just that it has been found. I don't remember a government anti-terrorist organization taking a public stance before now. So, this raises some personal questions on what the exploit most affects.

But time marches on.

The Homeland Security Announcement is an interesting one to say the least. It does NOT say that where the exploits have occurred or from whence it comes, just that it has been found. I don't remember a government anti-terrorist organization taking a public stance before now. So, this raises some personal questions on what the exploit most affects.

Rather, it raises questions regarding the purpose. In the past, exploiting public fear served the purpose of more big government restrictions and access... i.e., loss of personal freedom. Big government is very interested in controlling the internet.

As I doubt many even run a Java plugin (visit JS enabled), this is merely info. No need to panic..

Quote:

Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future.

The present security threat is related to enabled browser plugins, mostly with Internet Explorer. Regarding downloading malicious viruses that affects anything else, just how serious do you think that really is on your Puppy Linux computer?

There will never be a completely secure programming language that can't be exploited, so don't surf the web. Also, avoid beautiful women.

jpeps wrote:

Semme wrote:

As I doubt many even run a Java plugin (visit JS enabled), this is merely info. No need to panic..

In fact it's not even available for a Linux Firefox browser.

Where are you getting your 'facts'? Are you just taking your opinions and calling them 'facts'? Because everything I've read online so far says nothing about it being for 'Internet Explorer' only. If you have access to information that the rest of the security community does not, PLEASE pass it along. I'd love to read it, as I'm sure, would many others.

This issue isn't just IE based, it can affect Mozilla browsers as well. If you bothered to even read the page Semme listed, you'd see that the release that Red Hat put out is vulnerable. [sarcasm] And we all know that Red Hat builds Internet Explorer releases. [/sarcasm]
The first example I saw was explained using sun.org.mozilla.javascript.internal.DefiningClassLoader
It still exists even after Oracle patched for CVE-2013-0422. I'm not going to waste time explaining an implementation of how this would work, because A) I don't think anyone cares, and B) if someone does care they can find examples online.

So since this can work in Mozilla based browsers... isn't it relevant to us? After all, most of the browsers that Puppy Linux users use are Mozilla based. (Firefox, Opera, SeaMonkey, etc) Some of those people might want to know.

But even if they didn't... I still don't see how your argument against this thread is valid. Just because the 'latest' threat may be browser based does not invalidate having a single source for Java issues. You have stated that there are browser threads out there. Well, why have browser threads? Because when people are wondering about their browser they go there. If your logic were applied to that thread, issues with browsers shouldn't have their own thread and only be in the separate threads for each puppy version. This is obviously nonsense, as having a single browser thread makes information easier to find.
The same goes for Java... just because this most recent exploit is browser based does not mean that Java shouldn't have its own thread. As I mentioned before, previous Java exploits were not browser based. So they can't be discussed in the 'browser thread' because they have nothing to do with the browser. So should we have a separate thread for Java threats that are not browser based? One thread for Java is simple and consolidated. It'll have Java related information about all the exploits. People in the browser thread can link to this if they want, when something gets posted here. Or not, what people do in that thread is up to them.

jpeps wrote:

gcmartin wrote:

The Homeland Security Announcement is an interesting one to say the least. It does NOT say that where the exploits have occurred or from whence it comes, just that it has been found. I don't remember a government anti-terrorist organization taking a public stance before now. So, this raises some personal questions on what the exploit most affects.

Rather, it raises questions regarding the purpose. In the past, exploiting public fear served the purpose of more big government restrictions and access... i.e., loss of personal freedom. Big government is very interested in controlling the internet.

Well if we are going to put on our tinfoil hats... shouldn't you also consider the possibility of governments using existing known flaws to infiltrate computers and networks? Stuxnet and Flame are examples of state sponsored exploitation. (Doesn't matter what country you think is responsible.) With the speed of the takedown of the 'Red October' network that's made news recently... some think it too was state sponsored.
I don't know if it was or wasn't, and I don't know enough to make a comment on that. But cyber criminals are not the only ones who are utilizing exploits for gain. Google got nailed when they were accessing wifi networks. Do you think Google wasn't putting all that data into their database? And since Google has no problem supplying the gov with information, if you are anti-gov, you wouldn't want anyone to have your data.

To re-iterate. This thread (or at least the first post) was intended to be a single spot where people can quickly check the most recent Java release which they may have running on their system. It was not intended to be a thread about the evils of Java or how Java will kill your first born (obvious sarcasm), or how Java is the greatest thing since sliced bread. Although people can use this thread to discuss any aspect of Java security... the intention of this thread is not to be a Java-fan thread nor a Java-bashing thread. This thread (or at least the first post) was intended to be a Java-security-information thread.

Where are you getting your 'facts'? Are you just taking your opinions and calling them 'facts' so that you seem knowledgeable?

Why not attempt to install the plugin at the quoted link and find out for yourself? Older plugins don't install either. None of this is recent news, anyway. Mozilla has been blocking access since August of last year. All this has already been hashed out in other threads. How many times do we need to go through the same thing?

So your proof is that a single plugin won't install in Mozilla? That's it? One single case that it doesn't work and you assume it's a fact that every other possibility won't work either? Facts aren't proved by single examples. They must be rigorously tested and verified.

Mozilla blocking whatever since last August hasn't done much for the exploits that were Linux vulnerable in the entire Java 7u series. Mozilla may have put something in place last August, but it didn't help all the exploits that Oracle had to deal with in November and December last year that Firefox didn't stop.

Question
I think I remember seeing or hearing a Linux discussion that references "safe JAVA releases". If this is true, should this thread make reference to those, as well?

Here to help

So your proof is that a single plugin won't install in Mozilla? That's it? One single case that it doesn't work and you assume it's a fact that every other possibility won't work either? Facts aren't proved by single examples. They must be rigorously tested and verified.

You have a Linux browser with a vulnerable Java plugin? I have one on my Windows computer with a big "disable" button next to it. But yes... if it's not available, I'm assuming it isn't available.

Question
I think I remember seeing or hearing a Linux discussion that references "safe JAVA releases". If this is true, should this thread make reference to those, as well?

Here to help

If you can find the information, I'll gladly add it to the first post. I know there are some who advocate still running Java v6, but that's not necessarily the best choice for people, because since it's an older version, it's limited in some functionality that people (and some programs) expect; and on top of that... it's unknown if some new exploits work against it.

... and on top of that... it's unknown if some new exploits work against it.

No it isn't. There are no computer languages that can't be exploited. Bash can be exploited.

Quote:

I know there are some who advocate still running java v6, but that's not necessarily the best choice for people...

Java is running on a few billion devices. Now that you've informed us, I'm sure everyone will proceed to delete it. Thanks for sharing.

Last edited by jpeps on Sat 19 Jan 2013, 20:00; edited 2 times in total
